(1) Create a configuration “checkpoint” on “currently ACTIVE ACE” for EACH context.

(2) Back up (copy) the config from each user context, including the Admin context, from your currently in-production ACE to an FTP server.

(3) Export your current “certs & keys” to a tftp/ftp/sftp server from the ACTIVE ACE and then import them on “the new ACE” later.

(4) Power down the ACE module, to be replaced, from the switch CLI in config mode (no power enable module ) and replace it with the replacement module.

(5) Power up the new replacement module from switch CLI (power enable module ).

(6) Once the new module is online, session into it from the switch.

(7) Configure Admin context with an IP interface VLAN configuration so that you have IP connectivity to the module.

(8) Make sure you upgrade the newly received replacement ACE to exactly the same release of code as that of “currently ACTIVE ACE”.

(9) Configure Admin context with the rest of the configuration as per the backed-up config (for this ACE) EXCEPT FT configuration.

Note: If you don’t have a config for this module “backed” up, you would need to review the Admin context configuration from “ACTIVE ACE” and configure it accordingly. Please make sure you use “peer IP address” information from currently ACTIVE ACE to configure this ACE module.

(10) If you have “ssl-proxy” service configured in any user context, please make sure you IMPORT all your “Certs & Keys” to this new ACE module before configuring your FT configuration. You can import them with option terminal (e.g. crypto import terminal); otherwise you would have to configure each context with an IP interface to be able to import certs/keys via tftp or ftp or sftp.

The ACE does not synchronize the SSL certificates and key pairs that are present in the active context with the standby context of an FT group. If the ACE performs configuration synchronization and does not find the necessary certificates and keys in the standby context, config sync fails and the standby context enters the STANDBY_COLD state. In order to correct this problem, verify if all certs and keys are installed on both ACE modules.
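A pre-check for the STANDBY_COLD failure described above, as an added example that is not part of the original post: it lists the key and cert files a backed-up context config references and reports any that are not yet on the replacement module. The sample config, the file names and the two-space indentation are constructed assumptions, and the imported-file set is assumed to be collected by hand from the new module.

```python
import re

# Constructed sample: fragment of a backed-up user-context config from the active ACE.
ACTIVE_CONFIG = """\
crypto chaingroup CHAIN1
  cert intermediate-ca.pem
ssl-proxy service SSL_WEB
  key web-key.pem
  cert web-cert.pem
  chaingroup CHAIN1
ssl-proxy service SSL_API
  key api-key.pem
  cert api-cert.pem
"""

# Constructed sample: file names already imported on the replacement module.
IMPORTED_FILES = {"web-key.pem", "web-cert.pem", "intermediate-ca.pem", "api-cert.pem"}


def referenced_crypto_files(config_text):
    """Return {filename: [sections that reference it]} for key/cert lines."""
    refs = {}
    section = None
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Top-level line: track only sections that can reference crypto files.
            m = re.match(r"(ssl-proxy service|crypto chaingroup)\s+(\S+)", line)
            section = f"{m.group(1)} {m.group(2)}" if m else None
            continue
        m = re.match(r"\s+(key|cert)\s+(\S+)", line)
        if section and m:
            refs.setdefault(m.group(2), []).append(section)
    return refs


def missing_on_replacement(config_text, imported):
    """Files the config needs that are absent on the replacement module."""
    refs = referenced_crypto_files(config_text)
    return {name: secs for name, secs in refs.items() if name not in imported}


if __name__ == "__main__":
    missing = missing_on_replacement(ACTIVE_CONFIG, IMPORTED_FILES)
    for name, secs in sorted(missing.items()):
        print(f"MISSING {name} (used by {', '.join(secs)})")
```

Run it once per context before configuring FT; an empty result means every referenced file is present by name, not that the key and cert contents match.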
